• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

漏洞

RSS

下级分类:

  • CVE-2021-39669
    CVE-2021-39669
    In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39668
    CVE-2021-39668
    In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39666
    CVE-2021-39666
    In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges neede ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39665
    CVE-2021-39665
    In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39664
    CVE-2021-39664
    In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additio ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39663
    CVE-2021-39663
    In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39662
    CVE-2021-39662
    In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:8 | 回复:0
  • CVE-2021-39658
    CVE-2021-39658
    ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-part ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-39635
    CVE-2021-39635
    ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller's permissions?so that normal apps (No phone permissions) can obtain some VoLTE sensitive ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-39631
    CVE-2021-39631
    In clear_data_dlg_text of strings.xml, there is a possible situation when Clear storage functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to lo ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-39619
    CVE-2021-39619
    In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation o ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:12 | 回复:0
  • CVE-2021-39616
    CVE-2021-39616
    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:10 | 回复:0
  • CVE-2021-34235
    CVE-2021-34235
    Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-31932
    CVE-2021-31932
    Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-22824
    CVE-2021-22824
    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-22823
    CVE-2021-22823
    A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network m ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-22806
    CVE-2021-22806
    A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk ( ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:9 | 回复:0
  • CVE-2021-22805
    CVE-2021-22805
    A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network m ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:10 | 回复:0
  • CVE-2021-22804
    CVE-2021-22804
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to mis ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:13 | 回复:0
  • CVE-2021-22803
    CVE-2021-22803
    A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:13 | 回复:0
  • CVE-2021-22802
    CVE-2021-22802
    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is r ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:15 | 回复:0
  • CVE-2021-22801
    CVE-2021-22801
    A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: Co ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:16 | 回复:0
  • CVE-2021-22800
    CVE-2021-22800
    A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:18 | 回复:0
  • CVE-2021-22798
    CVE-2021-22798
    A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:15 | 回复:0
  • CVE-2021-22796
    CVE-2021-22796
    A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:18 | 回复:0
  • CVE-2021-22788
    CVE-2021-22788
    A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modico ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:23 | 回复:0
  • CVE-2021-22787
    CVE-2021-22787
    A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affec ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:22 | 回复:0
  • CVE-2021-22785
    CVE-2021-22785
    A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server o ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:19 | 回复:0
  • CVE-2021-22748
    CVE-2021-22748
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:20 | 回复:0
  • CVE-2021-0524
    CVE-2021-0524
    In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:18 | 回复:0
  • CVE-2020-14523
    CVE-2020-14523
    Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:26 | 回复:0
  • CVE-2020-14521
    CVE-2020-14521
    Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, mo ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:39 | 回复:0
  • CVE-2021-45387
    CVE-2021-45387
    tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:38 | 回复:0
  • CVE-2021-45386
    CVE-2021-45386
    tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:36 | 回复:0
  • CVE-2021-23597
    CVE-2021-23597
    This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://se ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:52 | 回复:0
  • CVE-2021-45385
    CVE-2021-45385
    A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:42 | 回复:0
  • CVE-2021-42940
    CVE-2021-42940
    A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:29 | 回复:0
  • CVE-2020-36062
    CVE-2020-36062
    Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:26 | 回复:0
  • CVE-2020-13677
    CVE-2020-13677
    Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:24 | 回复:0
  • CVE-2020-13676
    CVE-2020-13676
    The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:29 | 阅读:28 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap